Don’t Download Images on WhatsApp, Hackers Could Steal Your Data
WhatsApp and Telegram’s end-to-end encryption is too safe for its own liking. This week, a security software company has reported that a malware vulnerability, on both the messaging platforms, has raised serious data security concern.
If the knowledge falls into the wrong hands, it could compromise data of millions of WhatsApp and Telegram users. As scary as this might sound, the threat has been notified to WhatsApp and Telegram, and has been fixed at the time of publishing this piece.
The report has been shared by Check Point Software Technologies, who have clearly indicated that downloading images and videos on your phone from these platforms could be riskier than they could imagine.
This has been lauded by many people, including the users, so that no misuse of such data happens. But as it turns out, hackers could even turn this strong point to their benefit.
This same mechanism has also been the origin of a new severe vulnerability, which the folks at Check Point have been able to discover in both – WhatsApp and Telegram, albeit just the web version.
The reason this flaw works is because WhatsApp and Telegram support HTML, Text and video format files to be sent to each other.
How it Happened?
Check Point was quick to point out that since messages were encrypted without being validated first, WhatsApp and Telegram were blind to the content, thus making them unable to prevent malicious content from being sent.
It adds that the affected HTML files would look like a normal image, and clicking on that image would navigate you to the infected page, and in turn, the data stored in your internal storage will be sent to the hacker.
Speaking to Saket Modi, Co-founder at Lucideus, a cyber security firm, we got some interesting insights into how the web version of WhatsApp or Telegram could be more prone to such attacks than the mobile version.
He also pointed out the core reason or matter that leads to this vulnerability to take place.
Who’s at Fault?
Both Check Point and Saket have stayed away from pointing fingers at anyone, with special emphasis on the fact that encryption isn’t the sole reason for this vulnerability.
However, he did alert everyone to the reality that hacking WhatsApp data is very much doable, and it doesn’t matter if you’re a celebrity or just a normal person on the social platforms.
Being part of the digital-cum-social sphere comes with its set of responsibilities and awareness, and users ought to adhere to that for their own safety.